OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

LDAP not functioning #2764

Closed srobier closed 1 year ago

srobier commented 1 year ago

Description

When attempting to log into the OCTI UI using the LDAP configuration the docker container stops and restarts the opencti platform. No logs are captured.

Environment

  • OS: LINUX (Centos7)
  • OCTI version: 5.5.2
  • OCTI client: frontend
  • Other environment details:

  1. running HTTPS 8443
  2. deployed using docker-compose.yml

    • PROVIDERS__LDAP__STRATEGY=LdapStrategy
    • PROVIDERS__LDAP__CONFIG__URL=ldap://LDAPserverIP:389
    • PROVIDERS__LDAP__CONFIG__BIND_DN=CN=ldapadm,OU=People,DC=opencti,DC=com
    • PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS=password
    • PROVIDERS__LDAP__CONFIG__SEARCH_BASE=OU=(objectClass=People)
    • PROVIDERS__LDAP__CONFIG__SEARCH_FILTER=(cn={{username}})
    • PROVIDERS__LDAP__CONFIG__MAIL_ATTRIBUTE=userPrincipalName
    • PROVIDERS__LDAP__CONFIG__ACCOUNT_ATTRIBUTE=givenName
    • PROVIDERS__LDAP__CONFIG__ALLOW_SELF_SIGNED=true
    • PROVIDERS__LOCAL__STRATEGY=LocalStrategy

Reproducible Steps

  1. Have a LDAP server setup.
  2. Have a LDAP client setup and running OCTI on same instance for simplicity.
  3. Add LDAP config to OCTI deployment config.
  4. Attempt login via OCTI UI dashboard with username and password.

Expected Output

OCTI should reach out to LDAP server via the client and allow user access into the OCTI platform.

Actual Output

The OCTI Platform container restarts on every attempt to authenticate via LDAP.
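Added example, not OpenCTI's own code: a small checker that reads the `PROVIDERS__LDAP__CONFIG__*` variables from the report above (embedded here as a constructed environment) and flags values that cannot work as an LDAP base DN, filter or transport setting. The page does not say what resolved the issue, so the findings are only what the values themselves show; the DN syntax check is deliberately simplified and does not handle escaped DN values.

```javascript
// Constructed copy of the LDAP provider variables from the issue report.
const sampleEnv = {
  PROVIDERS__LDAP__STRATEGY: 'LdapStrategy',
  PROVIDERS__LDAP__CONFIG__URL: 'ldap://LDAPserverIP:389',
  PROVIDERS__LDAP__CONFIG__BIND_DN: 'CN=ldapadm,OU=People,DC=opencti,DC=com',
  PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS: 'password',
  PROVIDERS__LDAP__CONFIG__SEARCH_BASE: 'OU=(objectClass=People)',
  PROVIDERS__LDAP__CONFIG__SEARCH_FILTER: '(cn={{username}})',
  PROVIDERS__LDAP__CONFIG__ALLOW_SELF_SIGNED: 'true',
};

// Collect PROVIDERS__LDAP__CONFIG__<KEY> into { key: value } with lower-case keys
// (assumption: this mirrors how double-underscore nested env config is flattened).
function ldapConfigFromEnv(env) {
  const prefix = 'PROVIDERS__LDAP__CONFIG__';
  const cfg = {};
  for (const [name, value] of Object.entries(env)) {
    if (name.startsWith(prefix)) cfg[name.slice(prefix.length).toLowerCase()] = value;
  }
  return cfg;
}

// Simplified DN syntax: attr=value pairs joined by commas. A value containing
// '(' or '=' is almost always a search filter pasted where a base DN belongs.
const DN_RE = /^[A-Za-z][A-Za-z0-9-]*=[^,=()]+(,[A-Za-z][A-Za-z0-9-]*=[^,=()]+)*$/;

function balancedParens(s) {
  let depth = 0;
  for (const c of s) {
    if (c === '(') depth++;
    else if (c === ')') depth--;
    if (depth < 0) return false;
  }
  return depth === 0;
}

// Returns a list of problems; an empty list means every check passed.
function checkLdapConfig(cfg) {
  const problems = [];
  const url = cfg.url || '';
  if (!/^ldaps?:\/\//.test(url)) problems.push('url: expected ldap:// or ldaps:// scheme');
  if (!DN_RE.test(cfg.bind_dn || '')) problems.push('bind_dn: not a DN');
  if (!DN_RE.test(cfg.search_base || '')) problems.push('search_base: not a DN (looks like a filter?)');
  const filter = cfg.search_filter || '';
  if (!balancedParens(filter) || !filter.includes('{{username}}')) {
    problems.push('search_filter: must be balanced and contain {{username}}');
  }
  if (/^ldap:\/\//.test(url) && cfg.allow_self_signed === 'true') {
    problems.push('allow_self_signed only matters with TLS; plain ldap:// sends the bind password in clear text');
  }
  return problems;
}

console.log(checkLdapConfig(ldapConfigFromEnv(sampleEnv)));
```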

richard-julien commented 1 year ago

Hi @srobier , our current instances configured with LDAP are currently working. Do you have any logs to help?

srobier commented 1 year ago

Hello Richard, currently the browser console displays "POST https://myiip/dnsname/graphql" net::ERR_EMPTY_RESPONSE. I understand what that error means, just not sure why when I run an ldapsearch query it returns the expected user data. See below for the query run on the LDAP server that successfully returns user information:

ldapsearch -x uid=test@test.com -b dc=opencti,dc=com -H ldap://LDAPserverIP:389 -s sub "(objectClass=People)" givenName -D "cn=ldapadm,dc=opencti,dc=com" -W

srobier commented 1 year ago

OCTI log:

{"auth":{"email":"testuserone","ip":"::ffff:7.211.0.218","referer":"http://opencti:8080/dashboard"},"category":"AUDIT","level":"error","message":"LOGIN","resource":{"provider":"ldapauth"}}

srobier commented 1 year ago

Issue has been resolved.